Bit.ly Accounts Compromised

May 12, 2014

As Bit.ly users who checked their email this morning already know, the link-shortening service has been compromised. According to a letter from CEO Mark Josephson on the company blog: “We have reason to believe that Bitly account credentials have been compromised; specifically, users’ email addresses, encrypted passwords, API keys and OAuth tokens. We have no indication at this time that any accounts have been accessed without permission. We have taken steps to ensure the security of all accounts, including disconnecting all users’ Facebook and Twitter accounts. All users can safely reconnect these accounts at their next login.

We are recommending all Bitly users make these changes. Please take the following steps to secure your account: change your API key and OAuth token, reset your password, and reconnect your Facebook and Twitter accounts.

We invalidated all credentials within Facebook and Twitter. Although users may see their Facebook and Twitter accounts connected to their Bitly account, it is not possible to publish to these accounts until users reconnect their Facebook and Twitter profiles.”

Registered users are requested to reset their API keys and OAuth tokens. iPhone App users can download an updated version (1.6.3) from the App Store today.

Hats off to the team at Bit.ly for getting out in front of this issue and taking aggressive steps to protect their users’ personal information. While no one feels good about having to deal with a compromised account of any sort, responses like Bit.ly’s give users added confidence in using the service going forward.

Do you feel safe using Bit.ly services, or will you move to another URL shortener? Sound off in the comments below!